What do you think about obfuscation?

Discussion in 'Spigot Discussion' started by kacperleague9, Nov 11, 2021.


What do you think about obfuscating the code?

This poll will close on Dec 11, 2021 at 2:29 PM.
  1. It's good, I do it

    11 vote(s)
  2. It's good, but I don't do it

    4 vote(s)
  3. It's bad, but I do it

    1 vote(s)
  4. It's bad, and I don't do it

    24 vote(s)
  5. Not good or not bad

    12 vote(s)
  1. In this post I wanted to ask you guys, mostly plugin devs why obfuscate, or not obfuscate, and what does obfuscation give you?

    What in your opinion is the point of code obfuscation?
  2. Prevent people from stealing your code, or just simply create another layer for other devs to be lazy and not try to decompile your plugin.
  3. Obfuscation is pretty useless in my opinion, you'll be able to crack pretty much every obfuscation if you're dedicated enough. I make all of my plugins open source.
  4. electronicboy

    IRC Staff

    People redistributing plugins time and time again have cracked obfuscation, in fact, it makes it a fun little challenge for them like CTF, all you're doing is pretty much just slowing down anybody who *really* wants to leak your software; Like, obfuscation has been cracked time and time again in this community after devs have gloated about their obfuscation techniques

    At the end of the day, the only people you hurt are the people who purchase your software and find out that they can't modify it to suit their needs or fix it when you inevitable "get hit by a bus" (or, just leave the community)
    • Agree Agree x 3
  5. Strahan


    You need a "It's neither good nor bad" option, because while I don't think it's good for the reasons mentioned above, I also do not think it's "bad" either. It blocks the low effort people but I wouldn't count on it to keep your stuff safe.
    • Like Like x 1
    • Agree Agree x 1
  6. changed
    • Like Like x 1
  7. its pretty much useless cause it just makes your code harder to break. its not like you are a famous developer or elon musk so no one gives a f about your plugin or software
    • Funny Funny x 3
    • Like Like x 1
  8. Optic_Fusion1

    Resource Staff

    You can just deobfuscate the more common obfuscators lol
    • Like Like x 1
  9. What do you think about obfuscating the code?

    > Completely useless.

    Focus on the quality of the product, keeping it current, supporting what customers are asking for, supporting customers in the first place. And use the tools available to fight copyright infringement. But if you aren't willing to actually take someone to court then obfuscation is completely useless anyway. You're only buying yourself some peace of mind and to all the 'good customers' you are looking like you are putting more time into hiding your code than supporting your customers.

    Deobfuscation is easy, so again, it's completely useless. And even if it's completely obfuscated without the option to see the code "ever", someone can just use the product and go 'ah, i see how it's done, I can write this from scratch' and they copy you that way.

    Focus on why you want to share your product with others, don't focus on trying to spend your time on the bad apples.
    • Agree Agree x 5
    • Winner Winner x 1
  10. If you ask ten people the definition of data obfuscation, you'll get 12 different is hiding sensitive data from those who are not authorized to see it.
  11. It is difficult to give a single answer to this question. On the one hand, obfuscation helps protect a plugin from hacking, code theft, or searching for exploits, on the other hand, any plugin can be hacked, any feature can be stolen simply by writing it from scratch, but users will clearly not like it, there is no way to modify the plugin for your needs or study what you put on your server
  12. Most of code can be deobfuscated, so it only can protect variable names and stuff like this
  13. After reading a lot of threads on this, I can say that arguments are always the same, in both opinions. It seems that nothing new will occur in this area (License system "could" be a "hope" but it doesn't follow SpigotMC rules, as far as I know).
    #13 PulsePvP_, Nov 25, 2021
    Last edited: Nov 25, 2021
  14. The classic argument against obfuscation is always "obfuscation can always be broken, so why bother."
    I don't agree with this, it's like saying "why lock your door, people can always find a way into your house". I think everyone knows obfuscation will never completely protect your code - after all, people could just replicate the features in an entirely new plugin.
    When it comes to leaks though, I know for a fact that some of the most active users on certain "leaking" sites have proclaimed that obfuscation make their job significantly harder. That is the only good argument for obfuscation.
    It's not that I think any of my premium plugins will be completely protected against leaks, because they've already been leaked. I just hope it makes the life harder for those who live off selling the work of others.
    • Agree Agree x 1
    • Winner Winner x 1
  15. Im too lazy to do that...
    • Winner Winner x 1
  16. I saw that using multiple obfuscators increase the needed time to deobfuscate the code for leakers, can someone confirm this ?
    • Like Like x 1
  17. This is pretty useless.
    • Like Like x 1
  18. I guess it really depends on the Situation.
  19. Too much of a chore
  20. Not worth it, you will only waste time.